1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hackers are targeting US critical infrastructure using this Citri

    From TechnologyDaily@1337:1/100 to All on Tue Jul 25 15:00:03 2023
    Hackers are targeting US critical infrastructure using this Citrix zero-day

    Date:
    Tue, 25 Jul 2023 14:47:52 +0000

    Description:
    Citrix urges users to apply the fix ASAP, with US critical infrastructure among those affected.

    FULL STORY ======================================================================

    Hackers have been observed exploiting a zero-day vulnerability in a Citrix product to target at least one critical infrastructure organization in the United States.

    The news, reported by Tech C runch , has since been confirmed by the US Cybersecurity and Infrastructure Security Agency (CISA), as well as several cybersecurity firms.

    As per the report, unnamed hackers used a flaw in NetScaler ADC and NetScaler Gateway tracked as CVE-2023-3519. It has a severity rating of 9.8, making it
    a critical flaw. They used it to run arbitrary code on the devices as unauthenticated users. NetScaler ADC and NetScaler Gateway are enterprise-grade products built for secure application delivery and VPN services. Citrix zero-day threat

    A few days after Citrix released a fix and urged users to apply it
    immediately as the flaw was being used in the wild, CISA came forward saying it had observed the flaw abused in June, against an unnamed US critical infrastructure organization.

    According to CISA, the attackers used the flaw to deliver a webshell on NetScaler ADC, which allowed them to steal sensitive data from the firms Active Directory. The good news is that the appliance was isolated inside the network, preventing the attackers from moving laterally and wreaking even
    more damage. Read more

    Citrix urges admins to patch these dangerous flaws immediately


    NSA warns Citrix devices are under attack from Chinese hackers, so update
    now


    These are the best malware removal tools around

    This firm might have walked away with a scratch, but others might get seriously hurt, the publication states, there are reprotedly more than 15,000 Citrix servers worldwide yet to be patched, and as such are vulnerable to
    this flaw. Most of them are in the United States (5,700), with significant numbers also in Germany (1,500), and the UK (1,000).

    Citrix says it doesnt know whos exploited the flaw so far, but suspects both financially-motivated actors and state-sponsored ones. China is being mentioned again. Researchers from Mandiant were on the same vein, saying the activity was consistent with previous operations by China-nexus actors based on known capabilities and actions against Citrix ADCs in 2022. Here are the best firewalls to keep your business protected



    ======================================================================
    Link to news story: https://www.techradar.com/pro/hackers-are-targeting-us-critical-infrastructure -using-this-citrix-zero-day


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)